It slipped past the bar. Chat Control 1.0. Adopted by the European Parliament this Thursday. A temporary derogation from ePrivacy rules. Meant to flag online child sexual abuse. But also meant to keep the door cracked open for Chat Control 2.0 while lawmakers figure out the rest. It stays valid until 3 April 2 way. 2028. That gives them plenty of time. Plenty of cover.
The ghost file returns
Back in March? Parliament killed it. The MEPs said no. The talks had failed. End of story, they thought.
Then in late June. Roberta Metsola, the Parliament President. She dug it out. Reopened the file. Threw it at the Council. Warned everyone. Said the expired rules left a gap. A dangerous one for online child protection.
The Council played nice. Or maybe they played dirty. Sent it back to Parliament. Right when the vacation season hit. When seats are empty. When it’s nearly impossible to gather a majority to stop it again. Timing is everything. Or timing is nothing but convenient.
How it happened (or didn’t)
Here’s the messy middle. The first vote at the EP? Simple majority to reject it. 314 voted yes to killing it. 276 voted against. 17 sat on the fence. Looked good for privacy.
Then the second reading. The numbers shifted. 360 is the absolute majority needed right now. To reject the amended position? 276 were in favor. 286 against. 30 abstentions. They fell short.
Short by one.
The file stayed alive. The second reading closed. Now the amended package goes back to the Council. Three months for them to say yes. Or no. Or anything.
What was in that amended package? A cosmetic fix. Proposed by the RENEW liberals. They tried to exclude end-to-end encrypted communications. Past, present, or future encryption. Just to look like they care.
Some MEPs called it “a glimmer of hope.” Maybe. Maybe it was why the whole text wasn’t dumped in the second hearing. But let’s be clear. It’s cosmetic. And it makes no sense. Mass scanning plus end-to-end encryption? They are opposites.
“A glimmer of hope” is what they called it. Let’s see how that glimmer holds up when the Council rejects these amendments, which they will.
The Council has said nice things before about privacy and encryption in the Chat Control 2.0 debates. Just nice things. No technical debate. No real answer on how to scan chats while keeping them locked. You can’t. Not really.
The internet is angry. Social media is buzzing. Member states? Silence. Mostly. These files sit in Ministries of the Interior. A few countries are arguing about it. Law enforcement wants it. Data protection hates it. Cybersecurity worries. Most governments aren’t even talking about it yet.
The opposition isn’t splitting. It’s unifying.
Left wing. Right wing. Liberals. Privacy nuts like Patrick Breyer. Human rights experts. Everyone hates this. It’s rare to see such a broad tent of opposition in the EU. Usually they fight each other. Today? They agree on this. Mass scanning of private communications is not a thing we do.
Svenja Hahn, from the ALDE party, didn’t hold back. EUTechLoop caught her ranting. And rightly so.
“It’s a disgrace,” Hahn said. “It opens the door for mass surveillance… instead of targeted fight against child sexual abuse.”
She called it a threat to democracy. She’s not alone. Lyudmyla Kozlovaska of the Open Dialogue Foundation saw it differently. She saw a pattern.
First, financial privacy goes. Then travelers’ data. Now chats. Normalized erosion. One step at a time. Always with an urgent reason. Always quiet afterward.
“Financial, security and cybersecurity laws are now… weaponised… against its own citizens,” Kozlovska warned. “For transnational repression.”
The real fight isn’t today. Today is a procedural blip. The real fight is in September. For Chat Control 2.
Until then? Resistance needs to be loud. Needs to be constant. No more procedural tricks allowed. The door is cracked open again. Don’t look away. What happens when they push the rest of it through? We don’t know yet. We just have until 2028 to find out.
